From 80792dc555f3d3534fafe623d9a57e4056b1d239 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 24 May 2022 13:06:00 +0200
Subject: [PATCH] Private/secret keys can be selected. It returns FCP when a private/secret key is selected but it is not allowed to read them.
Signed-off-by: Pol Henarejos
---
 src/hsm/sc_hsm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 1ecba6a..77457f8 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -222,6 +222,7 @@ static int cmd_select() {
 uint8_t pfx = fid >> 8;
 if (pfx == PRKD_PREFIX ||
 pfx == CD_PREFIX ||
+ pfx == KEY_PREFIX ||
 pfx == EE_CERTIFICATE_PREFIX ||
 pfx == DCOD_PREFIX ||
 pfx == DATA_PREFIX ||
@@ -448,7 +449,7 @@ static int cmd_read_binary()
 }
 }
- if (!authenticate_action(ef, ACL_OP_READ_SEARCH)) {
+ if ((fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {
 return SW_SECURITY_STATUS_NOT_SATISFIED();
 }
 if (ef->data) {
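Review bot: In cmd_select, the added `pfx == KEY_PREFIX ||` line makes private/secret key files selectable, but nothing at this site records that their content must stay unreadable; that invariant is enforced only in cmd_read_binary. A comment beside the line would keep the two sites in step, for example `/* key EFs are selectable for FCP only; content reads are refused in cmd_read_binary */`. Whether the FCP for a key file is returned before any authentication check is not visible in this hunk, so it is worth confirming that disclosing key-file existence and metadata to an unauthenticated caller is intended. The enclosing if-condition continues past the end of the hunk.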
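Review bot: The new guard in cmd_read_binary tests `fid` rather than the file actually resolved into `ef`, and the assignment of `fid` lies outside this hunk. If the function can also resolve `ef` from the currently selected EF or from a short file identifier, `fid` may not describe `ef`, and the prefix test would not apply to a key file that the first hunk now allows to be selected. Deriving the prefix from the resolved file ties the check to what is read, e.g. `if ((ef->fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {`, assuming the file structure stores its FID (the field name is not shown on this page). The function body starts before and continues after the hunk.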